Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BilboBlog Multiple Cross-Site Scripting Vulnerabilities
Vulnerability Description
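BilboBlog is a PHP/MySQL-based microblogging application. BilboBlog version 0.2.1 contains multiple cross-site scripting vulnerabilities. Remote authenticated administrators can inject arbitrary web script or HTML via (1) the content parameter to admin/update.php (related to conflicting code in widget.php); remote attackers can inject arbitrary web script or HTML via the titleId parameter to head.php (reachable through index.php), the t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/, to admin/ho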
CVSS Information
N/A
Vulnerability Type
N/A